TFTP from Cisco 3650

Unanswered Question
Mar 10th, 2008
User Badges:

Hi, I'm not sure where this could be failing, so I will add as much info as possible.

I am simply trying to tftp from my Cisco 3650 to an internal tftp server. When I do a copy running-config tftp: etc and put in the IP and name, my tftp server sees the "put" request from the switch but aborts after so many retries.

Now this Cisco 3650 has a trunk port into a Cisco 3750. This 3750 then has a trunk port into a Cisco ASA then obviously into our Internal network.

To telnet onto the 3650 I have to telnet to the 3750 and telnet from there.

I guess if the tftp server is seeing the request from the 3650 then the routing is ok? I have tried some rules on the ASA but it didn't help. Could the Cisco 3560 need some sort of access-list?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
royalblues Mon, 03/10/2008 - 05:26
User Badges:
  • Green, 3000 points or more

I think its an issue with the firewall rules only

The best thing would be to test the tftp on the local segment bypassing the firewall.


Richard Burts Mon, 03/10/2008 - 05:35
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN


If you were using FTP instead of TFTP I would be more inclined to agree with the suggestion from Narayan that it was a firewall rule. This is because FTP opens a connection on one port for control traffic and opens a second connection on a different port for data traffic. It is a somewhat common problem with access rules for the control traffic to be permitted and the data traffic not permitted. But TFTP uses only a single connection and a single set of ports. If the server is seeing the put request then I believe that the access rules are working properly.

I have seen this kind of symptom where a put request to the TFTP server fails because of an issue on the TFTP server. Some servers require that the file already exist in the TFTP directory and that the file have remote write permissions. Can you check the directory that the TFTP server is using and create a file in that directory that has the file name that the remote device is trying to write? Give it a try and let us know if it works.



whiteford Mon, 03/10/2008 - 06:13
User Badges:


I have just installed the tftp server software on to a server on the switch (3CDaemon) so it's the same subnet etc and it worked. I have checked the settings of the tftp software and they are the same.

vaisharm Mon, 03/10/2008 - 05:40
User Badges:
  • Cisco Employee,


If you have a Cisco VPN client installed on the TFTP server, make sure you disable the stateful firewall and then try again.




This Discussion